Closed lecegues closed 6 months ago
Update
After taking a closer look, this seems to be a problem with the way the JWTSecret is generated. Previously the JWTSecret was exposed in the code, so it was changed to dynamically generate every time the server starts. But, this causes all the tokens that were signed by the JWTSecret to be invalid once a new one is generated upon the server restart.
Solution??
I believe a constant JWTSecret will fix this; however, I am unsure as to how to store it. From the top of my head, I think that locally, the JWTSecret can be stored using .env files, GitHub Secrets for storing in the repository, and I am unsure about how to store it for Docker.
Where is the Problem?
/backend/routes/users.js
line 11-17: code that generates a JWTSecret
After testing the same issue with a constant JWT_SECRET value, the bug does not happen anymore. I think this confirms that I'm on the right track.
Description
After a server restart, any existing session (cookie token) is not handled gracefully: it will shut down the whole backend if it is read by the system.
What could be the problem?
Steps to Reproduce (Local & Dockerized)
Screenshots
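Added example, not part of the original issue or the project's code: it covers both symptoms reported above by reading a stable `JWT_SECRET` from the environment at startup and by verifying tokens so that a stale cookie yields a rejection result instead of an uncaught exception. The function names, the 32-character minimum and the dependency-free HS256 helper (standing in for whatever JWT library the project uses) are assumptions.

```javascript
const crypto = require('node:crypto');

// Read the signing secret once at startup and fail fast if it is absent.
// Regenerating it on every boot invalidates every token already issued.
function loadJwtSecret(env = process.env) {
  const secret = env.JWT_SECRET; // supplied via .env, container env, or CI secret
  if (typeof secret !== 'string' || secret.length < 32) { // assumed minimum
    throw new Error('JWT_SECRET is missing or shorter than 32 characters');
  }
  return secret;
}

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Minimal HS256 signer so the example runs without third-party packages.
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Returns { ok: true, payload } or { ok: false, reason }. It never throws on
// bad input, so a cookie signed with an old secret cannot crash the server.
function verifyToken(token, secret) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    if (header.alg !== 'HS256') return { ok: false, reason: 'bad alg' };
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length ||
        !crypto.timingSafeEqual(given, expected)) {
      return { ok: false, reason: 'bad signature' };
    }
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (typeof payload.exp === 'number' && payload.exp * 1000 <= Date.now()) {
      return { ok: false, reason: 'expired' };
    }
    return { ok: true, payload };
  } catch {
    return { ok: false, reason: 'malformed' }; // undecodable header or body
  }
}
```

A route handler would treat any `ok: false` result as "not logged in": clear the cookie and respond with 401.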